Hosted Pages Solution

Hosted Pages Solution

MasterCard Payment Gateway Services provides a hosted pages solution to radically reduce the burden of PCI DSS compliance for Merchants. The solution fronts the rich functionality and high service level payment processing already provided by the MasterCard Payment Gateway.

Consistent functionality includes multi-currency, multi card type, high availability, security, resilience, fraud prevention tools and access to the management reporting system. 

The solution is easily integrated with any existing Merchant website, call centre or mobile app, allowing retained control of look, feel and branding and preventing customers from feeling they are being moved to another site to make payment. 

Key Product Features:


MasterCard Payment Gateway Services Hosted Pages Solutions capture and transmit sensitive card data (PAN – Card Number, CV2, Expiry Date, Issue Number – where relevant) from within the Merchant’s usual payment workflow/ checkout process.  

Sensitive card data is entered within a secure page hosted by MasterCard Payment Gateway Services – Merchants are given the flexibility to display this page using a pop-up, redirect or iframe model.

MasterCard Payment Gateway Services can provide a default page template as a guide, which Merchants are then able to customise as they see fit (providing mandatory data fields remain unchanged).

The solution can be used as an extension to an existing MasterCard Payment Gateway Services integration with minimum changes required to a Merchants payments workflow.  For full technical details please see the MasterCard Payment Gateway Services Developers guide.

Placeholders are available to allow the Merchants to display dynamic fields on the payment page – e.g. customer name, or product name.

MasterCard Payment Gateway Services offers 2 variations to the Hosted Pages Solution – difference between each highlighted below:

 

Hosted Card Capture (HCC)

Hosted Pages (HPS)

Dynamic Capture Fields -
Available 
Can display up to nine dynamic capture fields on the capture page. 
Used to capture additional information from the Card Holder which is returned as part of the query transaction.

Dynamic Capture Fields -
Available 
Can display up to nine dynamic capture fields on the capture page. 
Used to capture additional information from the Card Holder which is returned as part of the query transaction.

Card Type Identification -
Available

Facilitates the determination of card Scheme prior to the authorisation process. This gives the option to merchants to levy different charges based on the card Scheme.

Card Type identification - 
Available for limited use

 Card type identification is possible post authorisation but it is not possible for merchants to levy different charges based on Card Scheme.

Merchant controls theauthorisation process by managing the flow of XML requests to MasterCard Payment Gateway Services, including 3-D Secure authorisation if required.

MasterCard Payment Gateway Services manages authorisation process, including 3-D Secure authorisation if required

 

Payments Flow


 

Hosted Card Capture (HCC)

Hosted Pages (HPS)

When a card transaction is processed using HCC hosted model, the three following actions are made, each of which makes a call to the MasterCard Payment Gateway:

When a card transaction is processed using HPS, the actions are similar to that in the HCC model, there are less calls made to the MasterCard Payment Gateway:

1. Setting up an HCC Session:

i) 
The Merchant sends  a simple XML request  which returns a session ID and URL.

ii) The Session ID in conjunction with URL allows the Merchant to direct the Customer to the HCC capture page (appearing in the preferred method implemented by the Merchant – pop-up, iFrame or redirect) where their card details are entered, captured and stored by MasterCard Payment Gateway Services for 10 minutes. 
 The session ID can be used to track the data that is supplied.

iii) Once submitted the Customer is directed back to the Merchant’s site to complete the transaction.

It is worth noting, that throughout this process, there is no need for the customer to see any signs of leaving the Merchants site at any point.

1. Setting up an HPS Session and Processing the Transaction:

i) The Merchant sends a comprehensive XML request for an HPS capture page, containing all elements of the payment except card details. At this stage the merchant must provide amount, currency, transaction type and optionally Fraud/Risk information, PayPal and if 3-D Secure is required or not.  This returns a session ID, URL and MasterCard Payment Gateway Services reference.

ii) The Session ID in conjunction with URL allows the Merchant to display the HPS capture page to the customer (in whatever method implemented by the Merchant - pop-up, iFrame or re-direct ) where their card details are entered, captured by MasterCard Payment Gateway Services and sent to the Acquiring  bank for authorisation and completes the transaction.

 The MasterCard Payment Gateway Services reference can be used to track the data that is supplied.

2. Querying the Captured Data:

i) This is an optional request, to check whether the card details were captured correctly.  The response to this request will also include card scheme, country of issue, expiry date, card issuer and the masked PAN (card number) where applicable.

The query transaction allows the identification of the card Scheme pre-authorisation and therefore allows for the levying of different charges based on card Scheme.

2. Querying the Captured Data:

i) This is an optional request, available for the Merchant to make at the point when the Customer is returned to their website, to check whether the card details were captured correctly and the outcome of the authorisation request. 

The response to this request will also include card scheme, country of issue, expiry date, card issuer and the masked PAN (card number) where applicable.

3. Processing a Transaction:

i) At this stage the Merchant can now send a standard card transaction to the MasterCard Payment Gateway referencing the captured details, supplied from step 1, in the authorisation request  in place of the PAN (card number).
After this stage the transaction is completed.